Error opening template: advertisement/zones/468x60_generic.tplError opening template: advertisement/zones/728x90_leaderboard.tplError opening template: advertisement/zones/728x90_bottom_ad.tplError opening template: advertisement/zones/300x250_right_ros_up.tplError opening template: advertisement/zones/300x250_right_ros_down.tplError opening template: advertisement/zones/160x600_left_nav.tplError opening template: advertisement/zones/160x600_right_nav.tpl CoolWebSearch: How It Works and How to Remove It

CoolWebSearch: How It Works and How to Remove It

CoolWebSearch is one of the most well known pieces of malware for hijacking your browser. It is a browser hijacker that comes in a variety of different versions which all use different techniques. Although the code is different depending upon the version of CoolWebSearch, all versions send sensitive data back to the CoolWebSearch site and all of the other sites that are associated with CoolWebSearch.

How CoolWebSearch Works

Originally, CoolWebSearch only worked with Internet Explorer but now it contains versions that work with Mozilla Firefox.

Some of the different versions perform the following malicious activity:

  • Data Notary: This version of CoolWebSearch is designed with a code that attempts to determine when the PC user is viewing pornographic sites by dropping a file into the Windows folder which is set to track all of the websites you visit.
  • Boot Conf: This file helps to get CoolWebSearch listed with your antivirus program as a trusted website by dropping a file into your PC that points toward the CoolWebSearch website. It will also hijack your home page and reset all of your search settings to direct your information to its website.

  • MSInfo: This works the same way as the Boot Conf file except that it points towards sites that are associated with CoolWebSearch such as true-counter.com and global-finder.com
  • Svc Host: This version of CoolWebSearch hijacks your Host file and targets search sites such as Yahoo, Google, and MSN Search which all point to your local hosts file. Your computer acts as the local host for running the browser on these sites and the result of the insertion of the CoolWebSearch file is to create an error page which is hijacked to one of the sites associated with CoolWebSearch.

  • Winres: CoolWebSearch/Winres inserts a .dll file which changes your Start page to about-blank which resembles a page in a search engine. The file will change the Start page frequently while adding other sites into your trusted sites and downloading adware such as 2020search.
  • PnP: This CoolWebSearch file performs some of the same functions as the Boot Conf file except that it points everything toward a pornographic website

CoolWebSearch Removal

The problem with this type of browser hijacking malware is that it is very tricky to remove depending upon the version that has been installed on your PC. The best route to take with this type of malware is to install a very reputable anti-spyware tool that is designed to get rid of CoolWebSearch files.

Keep in mind that the malware is created by affiliates of CoolWebSearch that abuse the program by redirecting you to information that you did not request.

(0 Comments)
Log in or sign up to comment.

Post a comment

Log in or sign up to comment.

Fraud causes hundreds of millions of dollars in damage each year and affects just as many people.

Credit card fraud is the most common type of fraud to occur each year and cost its victims up to $500 million dollars in damages each year. Despite the frequent occurrence of this type of fraud, millions of credit card users are still unaware of how to protect themselves against this type of thievery.

No one is completely safe from being defrauded. But, by learning how to protect against fraud, you will be better equipped to prevent yourself from falling into a scam that could cost you everything. Taking the time to protect yourself can help to keep you safe.